A New Gaming Feature: Spyware

Rejoice gaming fans, for the latest new "feature" of Blizzard Entertainment's smash hit multi-player online videogame World of Warcraft is here! No, it's not a new Sword of Destruction or Staff of Power—it's spyware! Yes, unbeknownst to many gamers, World of Warcraft now has an unwanted special feature—a hidden program called "Warden" that snoops gamers' computers looking for any "unauthorized third-party program" that "enables or facilitates cheating of any type."

According to Greg Hoglund, co-author of "Exploiting Software, How to Break Code," this hidden program opens every process on a gamer's computer, from email programs to privacy managers, and sniffs email addresses, website URLs open at the time of the scan, and the names of all running programs—whether or not those programs, emails, or websites could conceivably have anything to do with hacking.

Blizzard calls this an "anti-cheating system." We call it a massive invasion of privacy.

Blizzard has scrambled to come up with three responses to the widespread criticism:

Well, problem one is that gamers have no choice but to accept Blizzard's word on that. More importantly, if Hoglund is right, Blizzard has a pretty skewed idea of privacy—we can look at your personal info, but if we don't collect it there's no invasion? Hardly. We also wonder how Blizzard's executives would feel if we searched their homes, wallets, and bank accounts and read their letters and emails but didn't write down anything we found.

We all learned the problem with that reasoning from Mom ("If all of your friends jumped off a bridge...").

Response 3: Read the EULA. Blizzard advises gamers of its intent to invade in its terms of service. "People should read contracts," says Blizzard rep John Lagrave.

True enough—people should read contracts. But here's the really depressing part of this story—companies like Blizzard know few people read the terms of service and end-user license agreements that pop-up when they install new software or create new accounts, and fewer still have the time, patience, and knowledge to parse the legalese. Without some constraints on what a company can hide within these massive legal tomes, more and more companies will learn that they can invade our electronic privacy for any reason they wish—as long as they disclose it somewhere in the fine print. The cost of such a practice over time is not only access to our personal and private information but also control over our personal computers and devices. Then we really will be prisoners to the Wardens of the networked world.

UPDATE: Want to see what Warden is reading? Greg Hoglund has released a program, which he calls "The Governor," that "watches the activities of World of Warcraft, and clearly reports which data is being read from other processes."

Related Updates

Law enforcement access to data is in the middle of a profound shake-upacross the globe. States are pushing to get quicker, deeper, and more invasive access to personal data stored on the global Internet, and are looking to water down the international safeguards around privacy and due...

California Governor Gavin Newsom, in his first State of the State Address, called for a “Data Dividend” (what some are calling a “digital dividend”) from big tech. It’s notyetclear what form this dividend will take. We agree with Governor Newsom...

EFF joined a letter to Secretary of State Mike Pompeo opposing a proposal to deploy stronger vetting procedures against Chinese students intending to study in the United States because the procedures would threaten the free speech interests of both Chinese students and their American associates. Reuters...

The way we design user interfaces can have a profound impact on the privacy of a user’s data. It should be easy for users to make choices that protect their data privacy. But all too often, big tech companies instead design their products to manipulate users into surrendering their data...

France’s data protection authority is first out the gate with a big decision regarding a high-profile tech company, and every other enforcer in Europe is taking notes. On January 21, France’s CNIL fined Google 50 million Euros for breaches of the General Data Protection Regulation (GDPR)...

Imagine this: an enormous tech company is tracking what you do on your phone, even when you’re not using any of its services, down to the specific images that you see. It’s also tracking all of your network traffic, because you’re installing one of its specially-designed routers. And even though...

Since even before he took office, President Trump has called for a physical wall along the southern border of the United States. Manydifferentorganizations have argued this isn’t a great idea. In response, some Congressional Democrats have suggested turning to surveillance...